gpt4 book ai didi

ghost-blog - 幽灵博客客户端 ID secret 显示在头部

转载 作者:行者123 更新时间:2023-12-03 10:04:57 25 4
gpt4 key购买 nike

我正在使用 API beta 为生产站点开发幽灵博客,并使用查看源代码,我可以看到如下:

ghost.init({
clientId: "ghost-frontend",
clientSecret: "xxxxxxxxxxx"
});

在 html 头部分,是这样吗? secret 不应该被隐藏吗?尽管显然是客户端,但它应该在客户端。

最佳答案

根据 Ghost 文档,这些凭据用于客户端身份验证。客户端身份验证仅提供对公共(public) Ghost API 的访问权限,这基本上是您的读者当前可以在您的 Ghost 博客上访问的任何内容,无需身份验证。因此,公开这些凭据应该不是问题,因为它们只能用于访问公共(public)信息。此外,API 请求当前必须来自与 config.js 文件中指定的域相同的域。

来自 Ghost API Documentation :

Please be aware that as of current Ghost versions, Client Authentication is only available as part of the Public API Beta, and only provides access to read public data.

The 'Public' API essentially reflects the behaviour of a blog - it provides read access to any data that a user/reader of a blog would be able to see.

For the time being Client Authentication is restricted to the domain specified in your config.js file, meaning that requests that come from a theme will work, but requests from another site will not.



这就是他们这样做的原因:

Ghost’s JSON API has the same abilities as the admin panel (in fact the admin panel uses the API) – so it will eventually be possible to read and write any data you have permissions for using the API. Some data in a blog is inherently public: your published posts, tags, and active users (minus their email and password hash). For this first release, we’re only providing access to read public data.

Additionally, for the first release, we’re only making it possible to read that data from within the theme / frontend of your blog. This is because the ‘client’ authentication that we’re providing only permits requests from internally known domains. All of this will be expanded upon in later releases where there will be a UI to create clients for different kinds of access.



https://help.ghost.org/article/11-public-api-beta

关于ghost-blog - 幽灵博客客户端 ID secret 显示在头部,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36539910/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com